CVE-2026-32255 | kanbn kan up to 0.5.4 Attachment Download Endpoint attatchment fetch server-side request forgery (GHSA-qrx8-9hc6-jvqg)

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability was found in kanbn kan up to 0.5.4. It has been classified as critical. The affected element is the function fetch of the file /api/download/attatchment of the component Attachment Download Endpoint. This manipulation causes server-side request forgery.

This vulnerability appears as CVE-2026-32255. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-32255 | kanbn kan up to 0.5.4 Attachment Download Endpoint attatchment fetch server-side request forgery (GHSA-qrx8-9hc6-jvqg)

Post correlati

CVE-2024-38196 | Microsoft Windows up to Server 2022 23H2 Common Log File System Driver input validation

CVE-2024-22939 | FlyCMS 1.0 category_edit cross-site request forgery

CVE-2024-1760 | Appointment Booking Calendar Plugin up to 1.6.6.20 on WordPress Plugin Data Reset cross-site request forgery

IBM CICS TX Standard cross-site request forgery (XFDB-266057)